Lucene search

K

[email protected]CVE-2022-23090

HistoryFeb 15, 2024 - 6:15 a.m.

CVE-2022-23090

2024-02-1506:15:00

[email protected]

web.nvd.nist.gov

31

cve-2022-23090

aio_aqueue

lio_listio

credential

reference count

use after free

nvd

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.

An attacker may cause the reference count to overflow, leading to a use after free (UAF).

References

security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc

security.netapp.com/advisory/ntap-20240415-0007/

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

Related for CVE-2022-23090

prion1 freebsd1 freebsd_advisory1 cvelist1 nessus1